<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<% request.setCharacterEncoding("UTF-8"); %>
<%@ page import="java.sql.*" %>
<%@ page import="javax.servlet.http.Cookie" %>
<%@ page import="java.io.PrintWriter" %>
<%
    // 检查登录
    Cookie[] cookies = request.getCookies();
    String logonusername = null;
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("logonusername".equals(cookie.getName())) {
                logonusername = cookie.getValue();
                break;
            }
        }
    }
    request.setAttribute("logonusername", logonusername);

    // 获取表单数据
    String bookname = request.getParameter("bookname");
    String author = request.getParameter("author");
    String booknum = request.getParameter("booknum");
    String msg = request.getParameter("msg");

    if (logonusername == null || logonusername.isEmpty()) {
        out.println("<script>alert('未登录！');window.location.href='../login.jsp';</script>");
        return;
    }
    if (bookname == null || bookname.isEmpty() || author == null || author.isEmpty() || booknum == null || booknum.isEmpty()) {
        out.println("<script>alert('请填写书籍必要参数！');window.location.href='../adds.jsp';</script>");
        return;
    }

    Connection conn = null;
    PreparedStatement stmt = null;
    try {
        Class.forName("com.mysql.cj.jdbc.Driver");
        conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/books?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC", "books", "books");

        // 检查权限
        String sqls = "SELECT state FROM users WHERE username = ? AND state = ?";
        stmt = conn.prepareStatement(sqls);
        stmt.setString(1, logonusername);
        stmt.setInt(2, 5); 
        ResultSet ros = stmt.executeQuery();
        if (!ros.next() || ros.getInt("state") != 5) {
            out.println("<script>alert('抱歉！您没有添加的权限！');window.location.href='../index.jsp';</script>");
            return;
        }

        // 插入书籍信息
        String sql = "INSERT INTO book (bookname, author, booknum, msg) VALUES (?, ?, ?, ?)";
        stmt = conn.prepareStatement(sql);
        stmt.setString(1, bookname);
        stmt.setString(2, author);
        stmt.setString(3, booknum);
        stmt.setString(4, msg);
        int rows = stmt.executeUpdate();

        if (rows > 0) {
            out.println("<script>alert('添加成功！');window.location.href='../admin.jsp';</script>");
        } else {
            out.println("<script>alert('添加失败，请重试！');window.location.href='../addbook.jsp';</script>"); // 假设这是添加书籍的页面
        }
    } catch (Exception e) {
        e.printStackTrace(); 
        out.println("<script>alert('发生错误，请稍后再试！');window.location.href='../error.jsp';</script>"); // 假设这是错误页面
    } finally {
        try { if (stmt != null) stmt.close(); } catch (SQLException e) { /* ignored */ }
        try { if (conn != null) conn.close(); } catch (SQLException e) { /* ignored */ }
    }
%>